Here's a little snippet for Configure.help. Could it (or something more
detailed) be included in the next release?
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home pageFrom: Russell Coker <russell_at_coker.com.au>-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
- text/plain attachment: conf
On Sun, 25 Nov 2001 14:55, Russell Coker wrote:
> Here's a little snippet for Configure.help. Could it (or something more
> detailed) be included in the next release?
Sorry, my previous message had a version with overly long lines.
I have attached a patch against the kernel source tree which has good line lengths.
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home pageFrom: Stephen Smalley <sds_at_tislabs.com>-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
- text/x-diff attachment: diff
On Sun, 25 Nov 2001, Russell Coker wrote:
> Here's a little snippet for Configure.help. Could it (or something more
> detailed) be included in the next release?
We used to have Configure.help text for the SELinux kernel options (and default option settings in arch/i386/defconfig) in the original SELinux kernel patch (prior to migrating to LSM). I've deferred adding these changes to our patch to the LSM-patched kernel so far, since it often requires updating that patch for every new kernel version (currently, that patch only modifies the security/{Config.in,Makefile} files added by LSM, which rarely change). But I can transfer this text from the original SELinux kernel patch (with minor updates) for future releases.
As a side note on your actual text, the Development Module option is recommended for new users of SELinux, as noted in the README. In fact, some users of SELinux may chose to always build with the Development Module option and may simply use avc_toggle in an rc script to switch into enforcing mode during startup, always leaving them with the option of switching back to permissive mode as an administrator if desired. Or they can build without the Development Module option after verifying that the security policy configuration works for their needs if they want stricter security. That's up to the user.
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT